
Archive for February, 2005

Protecting SCADA Systems From Insecure PC’s

One of the hard problems remaining in information security is preventing a PC that is missing patches or has out-of-date anti-virus from connecting to the network. Ideally, the network would evaluate the security posture of the PC prior to allowing a connection and prevent insecure PCs from communicating on a LAN or WAN.
Microsoft [...]

Exciting Presentations Wanted – InfraGard Conference

InfraGard holds an annual meeting that brings leaders from all chapters across the country to conduct InfraGard business. The attendees at these meetings are an impressive group from industry and government (the location in DC draws high-level USG attendees).
This year, InfraGard has decided to add a two day conference after the annual meeting. I’ve [...]

Virus

Last night I received a couple of e-mails from a very well known individual in the SCADA security industry with an attachment containing the W32.Beagle.AZ virus. My Norton anti-virus deleted it before I even had a chance to do the wrong thing. Hopefully everyone else who received it was also protected.
This is a great example [...]

Securing IP Control Protocols

My first column in Control magazine’s SecureSystem Insider is online now. Here is an excerpt:
“Is it impossible for all SCADA IP control protocols to implement a common
security protocol? The answer is in the question. When the serial protocols
wanted to transit over IP networks they all found a way to encapsulate their
individual serial protocol formats into [...]

RSA Conference 2005

The annual RSA Conference, the biggest IT Security event of the year, begins this week. Keynotes from Bill Gates, John Chambers (Cisco), John Thompson (Symantec), Frank Abagnale (Catch Me If You Can guy); many of the top cryptographers like Ron Rivest and Whit Diffie; and just about every IT security product vendor. You will see [...]

PCSRF / PCSF

Another PCSRF conference call today. Still no progress on developing Common Criteria protection profiles for control systems or subsystems. A smaller working group is being formed in PCSRF to begin drafting one or more protection profiles. This is a sensible move for writing a very complex document.
A new group, the Process Control Systems Forum (PCSF) [...]

AGA 12 Update

I reviewed the AGA 12 cyber security documents in an earlier blog entry, and I haven’t tracked progress closely because I’m not a big proponent of encryption as the communication security solution.
A presentation at Distributech piqued my interest again, and there have been some changes and new developments.
First, prototype AGA 12 bump-in-the-line encryptors have been [...]

SCADA Security Training

Digital Bond has teamed with the Infosec Institute to develop and deliver a 3-day boot camp on SCADA Security. The first class is at the end of March, and I will be developing the courseware this month and teaching the first three classes.
My goal in this class is to put SCADA system managers, administrators [...]

Kicking It Up A Notch

The small Digital Bond team met at the august Digital Bond world headquarters in early January to discuss our quest for 2005. In 2004, we saw some tremendous progress from our SCADA clients. They were deploying smart card authentication, had strong security perimeters, 24×7 cyber security monitoring, SCADA security policies and some even had audited [...]